I want to make web REPL for my custom interpreter. Let me explane my idea. When user write code in browser and then click "evaluate" button, code goes through linter and validator written in JS (validator and linter will be as separate modules), if OK code sends to server via ajax. Then on server separate environment created for that code evaluation. After evaluation that code, results goes back to broswer. So that thing that I dont know is how and with what tools create that separate environment for client code evaluation. If that is right, my question is: what should I do on server to run client's code safely? separate from main OS I guess. May be docker can help?
Use some good HTTP server library like libonion. Be sure to understand well HTTP.
Even if you have client side validation in JavaScript, don't trust it and repeat the validation on server side. An hostile user could send direct HTTP requests (outside of your AJAX).
Use session and cookies to identify (in the server) the various client browsers, and keep a separate environment (for your server-side interpreter) for each of them. Implement your re-entrant interpreter with isolation (of sessions and environments) in mind.
Containerization (with docker) is an extra security measure, but design your server side code to be secure (so check everything there) even without that.
If you have not read them already, read SICP, the Dragon Book, Lisp in Small Pieces, Programming language pragmatics, the GC handbook and this blog article, quite related in concepts (but with a very different terminology and approach, and indirectly related) to that one.
I want to make web REPL for my custom interpreter.
Then you could even take further inspiration from the 1980's Mentor system (and the related, even older, Centaur one). My Bismon draft report explains more how and why, but you need to abstract away from its title and skip its first few pages, required by European H2020 bureaucracy. My personal opinion about Mentor and Centaur is that the ideas described there are more than 25 years ahead of their time, and, given the power of current computers (1000x times better than in 1980s) it is worth resurrecting those old ideas. A probable major cause of the pragmatical and practical failure of those ideas is, I believe, the lack of computer power in 1980s era workstations.
PS. See also this.